{"version":3,"sources":["../src/algorithm.ts","../src/private-key.ts","../src/public-key.ts","../src/signatures.ts","../src/key-pair.ts","../src/grind-keypair.ts","../src/write-keypair.ts"],"names":["SolanaError","signature","privateKey"],"mappings":";;;;;;;;;AAAO,IAAM,4BAAA;AAAA;AAAA;AAAA,EAGT,MAAA,CAAO,MAAA,CAAO,EAAE,IAAA,EAAM,WAAW;AAAA,CAAA;ACErC,SAAS,eAAe,KAAA,EAA4D;AAEhF,EAAA,OAAO,IAAI,UAAA,CAAW;AAAA;AAAA;AAAA;AAAA,IAIlB,EAAA;AAAA;AAAA,IACA,EAAA;AAAA;AAAA,IAEI,CAAA;AAAA;AAAA,IACA,CAAA;AAAA;AAAA,IACI,CAAA;AAAA;AAAA,IAEJ,EAAA;AAAA;AAAA,IACA,CAAA;AAAA;AAAA,IACI,CAAA;AAAA;AAAA,IACA,CAAA;AAAA;AAAA;AAAA,IAEQ,EAAA;AAAA;AAAA,IACA,GAAA;AAAA;AAAA;AAAA,IAEA,GAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKhB,CAAA;AAAA;AAAA,IACA,EAAA;AAAA;AAAA;AAAA,IAGI,CAAA;AAAA;AAAA,IACA,EAAA;AAAA;AAAA,IAEJ,GAAG;AAAA,GACN,CAAA;AACL;AAoBA,eAAsB,yBAAA,CAClB,KAAA,EACA,WAAA,GAAuB,KAAA,EACL;AAClB,EAAA,MAAM,eAAe,KAAA,CAAM,UAAA;AAC3B,EAAA,IAAI,iBAAiB,EAAA,EAAI;AACrB,IAAA,MAAM,IAAI,YAAY,mDAAA,EAAqD;AAAA,MACvE;AAAA,KACH,CAAA;AAAA,EACL;AACA,EAAA,MAAM,oBAAA,GAAuB,eAAe,KAAK,CAAA;AACjD,EAAA,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,UAAU,OAAA,EAAS,oBAAA,EAAsB,8BAA8B,WAAA,EAAa;AAAA,IAC3G;AAAA,GACH,CAAA;AACL;ACpDA,eAAsB,0BAAA,CAClB,UAAA,EACA,WAAA,GAAuB,KAAA,EACL;AAClB,EAAA,4BAAA,EAA6B;AAE7B,EAAA,IAAI,UAAA,CAAW,gBAAgB,KAAA,EAAO;AAClC,IAAA,MAAM,IAAIA,WAAAA,CAAY,8DAAA,EAAgE,EAAE,GAAA,EAAK,YAAY,CAAA;AAAA,EAC7G;AAGA,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,OAAO,UAAU,CAAA;AAG3D,EAAA,OAAO,MAAM,OAAO,MAAA,CAAO,SAAA;AAAA,IACvB,KAAA;AAAA,IACA;AAAA,MACI,GAAA,EAAiB,SAAA;AAAA,MACjB,GAAA,EAAuB,WAAA;AAAA,MACvB,OAAA,EAA8B,CAAC,QAAQ,CAAA;AAAA,MACvC,GAAA,EAAoB,KAAA;AAAA,MACpB,GAAiC,GAAA,CAAI;AAAA,KACzC;AAAA,IACA,SAAA;AAAA,IACA,WAAA;AAAA,IACA,CAAC,QAAQ;AAAA,GACb;AACJ;ACxBA,IAAI,aAAA;AA8BG,SAAS,kBAAkB,iBAAA,EAAmE;AACjG,EAAA,IAAI,CAAC,aAAA,EAAe,aAAA,GAAgB,gBAAA,EAAiB;AAErD,EAAA;AAAA;AAAA,IAEI,kBAAkB,MAAA,GAAS,EAAA;AAAA,IAE3B,kBAAkB,MAAA,GAAS;AAAA,IAC7B;AACE,IAAA,MAAM,IAAIA,YAAY,wDAAA,EAA0D;AAAA,MAC5E,cAAc,iBAAA,CAAkB;AAAA,KACnC,CAAA;AAAA,EACL;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,MAAA,CAAO,iBAAiB,CAAA;AACpD,EAAA,sBAAA,CAAuB,KAAK,CAAA;AAChC;AA8BO,SAAS,uBACZ,sBAAA,EACgD;AAChD,EAAA,MAAM,WAAW,sBAAA,CAAuB,UAAA;AACxC,EAAA,IAAI,aAAa,EAAA,EAAI;AACjB,IAAA,MAAM,IAAIA,YAAY,iDAAA,EAAmD;AAAA,MACrE,YAAA,EAAc;AAAA,KACjB,CAAA;AAAA,EACL;AACJ;AAsBO,SAAS,YAAY,iBAAA,EAA2D;AACnF,EAAA,IAAI,CAAC,aAAA,EAAe,aAAA,GAAgB,gBAAA,EAAiB;AAGrD,EAAA;AAAA;AAAA,IAEI,kBAAkB,MAAA,GAAS,EAAA;AAAA,IAE3B,kBAAkB,MAAA,GAAS;AAAA,IAC7B;AACE,IAAA,OAAO,KAAA;AAAA,EACX;AAEA,EAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,MAAA,CAAO,iBAAiB,CAAA;AACpD,EAAA,OAAO,iBAAiB,KAAK,CAAA;AACjC;AAqBO,SAAS,iBAAiB,sBAAA,EAAsF;AACnH,EAAA,OAAO,uBAAuB,UAAA,KAAe,EAAA;AACjD;AAeA,eAAsB,SAAA,CAAU,KAAgB,IAAA,EAAmD;AAC/F,EAAA,kCAAA,EAAmC;AACnC,EAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,KAAK,4BAAA,EAA8B,GAAA,EAAK,aAAA,CAAc,IAAI,CAAC,CAAA;AAClG,EAAA,OAAO,IAAI,WAAW,UAAU,CAAA;AACpC;AAgBO,SAAS,UAAU,iBAAA,EAAsC;AAC5D,EAAA,iBAAA,CAAkB,iBAAiB,CAAA;AACnC,EAAA,OAAO,iBAAA;AACX;AAgBO,SAAS,eAAe,sBAAA,EAA4D;AACvF,EAAA,sBAAA,CAAuB,sBAAsB,CAAA;AAC7C,EAAA,OAAO,sBAAA;AACX;AAkBA,eAAsB,eAAA,CAClB,GAAA,EACAC,UAAAA,EACA,IAAA,EACgB;AAChB,EAAA,uCAAA,EAAwC;AACxC,EAAA,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,4BAAA,EAA8B,GAAA,EAAK,aAAA,CAAcA,UAAS,CAAA,EAAG,aAAA,CAAc,IAAI,CAAC,CAAA;AACtH;;;AChOA,eAAsB,eAAA,CAAgB,cAAuB,KAAA,EAA+B;AACxF,EAAA,MAAM,8BAAA,EAA+B;AACrC,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,WAAA;AAAA;AAAA,IAChB,4BAAA;AAAA;AAAA,IAChB,WAAA;AAAA;AAAA,IACmB,CAAC,QAAQ,QAAQ;AAAA,GACxC;AACA,EAAA,OAAO,OAAA;AACX;AA6BA,eAAsB,sBAAA,CAClB,KAAA,EACA,WAAA,GAAuB,KAAA,EACD;AACtB,EAAA,qBAAA,EAAsB;AAEtB,EAAA,IAAI,KAAA,CAAM,eAAe,EAAA,EAAI;AACzB,IAAA,MAAM,IAAID,WAAAA,CAAY,gDAAA,EAAkD,EAAE,UAAA,EAAY,KAAA,CAAM,YAAY,CAAA;AAAA,EAC5G;AACA,EAAA,MAAM,CAAC,SAAA,EAAW,UAAU,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,IAC9C,OAAO,MAAA,CAAO,SAAA;AAAA,MAAU,KAAA;AAAA,MAAO,KAAA,CAAM,MAAM,EAAE,CAAA;AAAA,MAAG,4BAAA;AAAA;AAAA,MAAgD,IAAA;AAAA,MAAM;AAAA,QAClG;AAAA;AACJ,KAAC;AAAA,IACD,0BAA0B,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,GAAG,WAAW;AAAA,GAC5D,CAAA;AAGD,EAAA,MAAM,WAAA,GAAc,IAAI,UAAA,CAAW,EAAE,CAAA;AACrC,EAAA,MAAA,CAAO,gBAAgB,WAAW,CAAA;AAClC,EAAA,MAAM,UAAA,GAAa,MAAM,SAAA,CAAU,UAAA,EAAY,WAAW,CAAA;AAC1D,EAAA,MAAM,OAAA,GAAU,MAAM,eAAA,CAAgB,SAAA,EAAW,YAAY,WAAW,CAAA;AACxE,EAAA,IAAI,CAAC,OAAA,EAAS;AACV,IAAA,MAAM,IAAIA,YAAY,qDAAqD,CAAA;AAAA,EAC/E;AAEA,EAAA,OAAO,EAAE,YAAY,SAAA,EAAU;AACnC;AAiCA,eAAsB,gCAAA,CAClB,KAAA,EACA,WAAA,GAAuB,KAAA,EACD;AACtB,EAAA,MAAM,iBAAA,GAAoB,yBAAA,CAA0B,KAAA,EAAO,WAAW,CAAA;AAOtE,EAAA,MAAM,CAAC,SAAA,EAAW,UAAU,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA;AAAA;AAAA;AAAA,IAAA,CAI7C,cAAc,iBAAA,GAAoB,yBAAA;AAAA,MAA0B,KAAA;AAAA,MAAO;AAAA;AAAA,KAAsB,EAAG,IAAA;AAAA,MACzF,OAAME,gBAAc,MAAM,0BAAA;AAAA,QAA2BA,WAAAA;AAAA,QAAY;AAAA;AAAA;AAAsB,KAC3F;AAAA,IACA;AAAA,GACH,CAAA;AAED,EAAA,OAAO,EAAE,YAAY,SAAA,EAAU;AACnC;;;AC5EA,IAAM,6BAAA,GAAgC,qCAAA;AAItC,IAAM,0BAAA,GAA6B,oBAAA;AAGnC,IAAM,qBAAA,GAAwB,yBAAA;AAc9B,SAAS,wBAAwB,KAAA,EAAqB;AAClD,EAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,OAAA,CAAQ,+BAA+B,EAAE,CAAA,CAAE,OAAA,CAAQ,0BAAA,EAA4B,EAAE,CAAA;AAE/G,EAAA,MAAM,iBAAA,GAAoB,CAAC,SAAA,KAA+B;AACtD,IAAA,IAAI,MAAM,UAAA,EAAY;AAClB,MAAA,OACI,qBAAA,CAAsB,IAAA,CAAK,SAAA,CAAU,WAAA,EAAa,KAClD,qBAAA,CAAsB,IAAA,CAAK,SAAA,CAAU,WAAA,EAAa,CAAA;AAAA,IAE1D;AACA,IAAA,OAAO,qBAAA,CAAsB,KAAK,SAAS,CAAA;AAAA,EAC/C,CAAA;AAEA,EAAA,KAAA,MAAW,aAAa,QAAA,EAAU;AAC9B,IAAA,IAAI,CAAC,iBAAA,CAAkB,SAAS,CAAA,EAAG;AAC/B,MAAA,MAAM,IAAIF,YAAY,iDAAA,EAAmD;AAAA,QACrE,SAAA;AAAA,QACA,QAAQ,KAAA,CAAM;AAAA,OACjB,CAAA;AAAA,IACL;AAAA,EACJ;AACJ;AAqDA,eAAsB,cAAc,MAAA,EAAuD;AACvF,EAAA,MAAM,EAAE,aAAa,MAAA,GAAS,CAAA,EAAG,cAAc,EAAA,EAAI,WAAA,GAAc,KAAA,EAAO,OAAA,EAAQ,GAAI,MAAA;AAEpF,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AAC/B,IAAA,OAAA,GAAU,OAAA;AAAA,EACd,CAAA,MAAO;AACH,IAAA,uBAAA,CAAwB,OAAO,CAAA;AAC/B,IAAA,OAAA,GAAU,CAAA,OAAA,KAAW,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA;AAAA,EAC7C;AAEA,EAAA,IAAI,UAAU,CAAA,EAAG;AACb,IAAA,OAAO,EAAC;AAAA,EACZ;AAEA,EAAA,MAAM,gBAAgB,gBAAA,EAAiB;AACvC,EAAA,MAAM,QAAyB,EAAC;AAEhC,EAAA,OAAO,KAAA,CAAM,SAAS,MAAA,EAAQ;AAC1B,IAAA,WAAA,EAAa,cAAA,EAAe;AAM5B,IAAA,MAAM,QAAQ,MAAM,mBAAA;AAAA,MAChB,OAAA,CAAQ,GAAA;AAAA,QACJ,MAAM,IAAA,CAAK,EAAE,MAAA,EAAQ,WAAA,IAAe,YAAY;AAC5C,UAAA,MAAM,OAAA,GAAU,MAAM,eAAA,CAAgB,WAAW,CAAA;AACjD,UAAA,MAAM,cAAA,GAAiB,IAAI,UAAA,CAAW,MAAM,MAAA,CAAO,OAAO,SAAA,CAAU,KAAA,EAAO,OAAA,CAAQ,SAAS,CAAC,CAAA;AAC7F,UAAA,MAAM,OAAA,GAAU,aAAA,CAAc,MAAA,CAAO,cAAc,CAAA;AACnD,UAAA,OAAO,EAAE,SAAS,OAAA,EAAQ;AAAA,QAC9B,CAAC;AAAA,OACL;AAAA,MACA;AAAA,KACJ;AAEA,IAAA,KAAA,MAAW,EAAE,OAAA,EAAS,OAAA,EAAQ,IAAK,KAAA,EAAO;AACtC,MAAA,IAAI,KAAA,CAAM,UAAU,MAAA,EAAQ;AAC5B,MAAA,IAAI,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClB,QAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAAA,MACtB;AAAA,IACJ;AAAA,EACJ;AAEA,EAAA,OAAO,KAAA;AACX;AAsFA,eAAsB,aAAa,MAAA,EAAqE;AACpG,EAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,aAAA,CAAc,EAAE,GAAG,MAAA,EAAQ,MAAA,EAAQ,CAAA,EAAG,CAAA;AAC9D,EAAA,OAAO,OAAA;AACX;;;ACpOA,eAAsB,YAAA,CAClB,OAAA,EACA,IAAA,EACA,MAAA,GAA6B,EAAC,EACjB;AACb,EAAiB;AACb,IAAA,MAAM,IAAIA,YAAY,0DAA0D,CAAA;AAAA,EACpF;AAuCJ","file":"index.native.mjs","sourcesContent":["export const ED25519_ALGORITHM_IDENTIFIER =\n // Resist the temptation to convert this to a simple string; As of version 133.0.3, Firefox\n // requires the object form of `AlgorithmIdentifier` and will throw a `DOMException` otherwise.\n Object.freeze({ name: 'Ed25519' });\n","import { ReadonlyUint8Array } from '@solana/codecs-core';\nimport { SOLANA_ERROR__KEYS__INVALID_PRIVATE_KEY_BYTE_LENGTH, SolanaError } from '@solana/errors';\n\nimport { ED25519_ALGORITHM_IDENTIFIER } from './algorithm';\n\nfunction addPkcs8Header(bytes: ReadonlyUint8Array): ReadonlyUint8Array {\n // prettier-ignore\n return new Uint8Array([\n /**\n * PKCS#8 header\n */\n 0x30, // ASN.1 sequence tag\n 0x2e, // Length of sequence (46 more bytes)\n\n 0x02, // ASN.1 integer tag\n 0x01, // Length of integer\n 0x00, // Version number\n\n 0x30, // ASN.1 sequence tag\n 0x05, // Length of sequence\n 0x06, // ASN.1 object identifier tag\n 0x03, // Length of object identifier\n // Edwards curve algorithms identifier https://oid-rep.orange-labs.fr/get/1.3.101.112\n 0x2b, // iso(1) / identified-organization(3) (The first node is multiplied by the decimal 40 and the result is added to the value of the second node)\n 0x65, // thawte(101)\n // Ed25519 identifier\n 0x70, // id-Ed25519(112)\n\n /**\n * Private key payload\n */\n 0x04, // ASN.1 octet string tag\n 0x22, // String length (34 more bytes)\n\n // Private key bytes as octet string\n 0x04, // ASN.1 octet string tag\n 0x20, // String length (32 bytes)\n\n ...bytes\n ]);\n}\n\n/**\n * Given a private key represented as a 32-byte `Uint8Array`, creates an Ed25519 private key for use\n * with other methods in this package that accept\n * [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) objects.\n *\n * @param bytes 32 bytes that represent the private key\n * @param extractable Setting this to `true` makes it possible to extract the bytes of the private\n * key using the [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey)\n * API. Defaults to `false`.\n *\n * @example\n * ```ts\n * import { createPrivateKeyFromBytes } from '@solana/keys';\n *\n * const privateKey = await createPrivateKeyFromBytes(new Uint8Array([...]));\n * const extractablePrivateKey = await createPrivateKeyFromBytes(new Uint8Array([...]), true);\n * ```\n */\nexport async function createPrivateKeyFromBytes(\n bytes: ReadonlyUint8Array,\n extractable: boolean = false,\n): Promise {\n const actualLength = bytes.byteLength;\n if (actualLength !== 32) {\n throw new SolanaError(SOLANA_ERROR__KEYS__INVALID_PRIVATE_KEY_BYTE_LENGTH, {\n actualLength,\n });\n }\n const privateKeyBytesPkcs8 = addPkcs8Header(bytes);\n return await crypto.subtle.importKey('pkcs8', privateKeyBytesPkcs8, ED25519_ALGORITHM_IDENTIFIER, extractable, [\n 'sign',\n ]);\n}\n","import { assertKeyExporterIsAvailable } from '@solana/assertions';\nimport { SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY, SolanaError } from '@solana/errors';\n\n/**\n * Given an extractable [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey)\n * private key, gets the corresponding public key as a\n * [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey).\n *\n * @param extractable Setting this to `true` makes it possible to extract the bytes of the public\n * key using the [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey)\n * API. Defaults to `false`.\n *\n * @example\n * ```ts\n * import { createPrivateKeyFromBytes, getPublicKeyFromPrivateKey } from '@solana/keys';\n *\n * const privateKey = await createPrivateKeyFromBytes(new Uint8Array([...]), true);\n *\n * const publicKey = await getPublicKeyFromPrivateKey(privateKey);\n * const extractablePublicKey = await getPublicKeyFromPrivateKey(privateKey, true);\n * ```\n */\nexport async function getPublicKeyFromPrivateKey(\n privateKey: CryptoKey,\n extractable: boolean = false,\n): Promise {\n assertKeyExporterIsAvailable();\n\n if (privateKey.extractable === false) {\n throw new SolanaError(SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY, { key: privateKey });\n }\n\n // Export private key.\n const jwk = await crypto.subtle.exportKey('jwk', privateKey);\n\n // Import public key.\n return await crypto.subtle.importKey(\n 'jwk',\n {\n crv /* curve */: 'Ed25519',\n ext /* extractable */: extractable,\n key_ops /* key operations */: ['verify'],\n kty /* key type */: 'OKP' /* octet key pair */,\n x /* public key x-coordinate */: jwk.x,\n },\n 'Ed25519',\n extractable,\n ['verify'],\n );\n}\n","import { assertSigningCapabilityIsAvailable, assertVerificationCapabilityIsAvailable } from '@solana/assertions';\nimport { Encoder, ReadonlyUint8Array, toArrayBuffer } from '@solana/codecs-core';\nimport { getBase58Encoder } from '@solana/codecs-strings';\nimport {\n SOLANA_ERROR__KEYS__INVALID_SIGNATURE_BYTE_LENGTH,\n SOLANA_ERROR__KEYS__SIGNATURE_STRING_LENGTH_OUT_OF_RANGE,\n SolanaError,\n} from '@solana/errors';\nimport { Brand, EncodedString } from '@solana/nominal-types';\n\nimport { ED25519_ALGORITHM_IDENTIFIER } from './algorithm';\n\n/**\n * A 64-byte Ed25519 signature as a base58-encoded string.\n */\nexport type Signature = Brand, 'Signature'>;\n/**\n * A 64-byte Ed25519 signature.\n *\n * Whenever you need to verify that a particular signature is, in fact, the one that would have been\n * produced by signing some known bytes using the private key associated with some known public key,\n * use the {@link verifySignature} function in this package.\n */\nexport type SignatureBytes = Brand;\n\nlet base58Encoder: Encoder | undefined;\n\n/**\n * Asserts that an arbitrary string is a base58-encoded Ed25519 signature.\n *\n * Useful when you receive a string from user input or an untrusted network API that you expect to\n * represent an Ed25519 signature (eg. of a transaction).\n *\n * @example\n * ```ts\n * import { assertIsSignature } from '@solana/keys';\n *\n * // Imagine a function that asserts whether a user-supplied signature is valid or not.\n * function handleSubmit() {\n * // We know only that what the user typed conforms to the `string` type.\n * const signature: string = signatureInput.value;\n * try {\n * // If this type assertion function doesn't throw, then\n * // Typescript will upcast `signature` to `Signature`.\n * assertIsSignature(signature);\n * // At this point, `signature` is a `Signature` that can be used with the RPC.\n * const {\n * value: [status],\n * } = await rpc.getSignatureStatuses([signature]).send();\n * } catch (e) {\n * // `signature` turned out not to be a base58-encoded signature\n * }\n * }\n * ```\n */\nexport function assertIsSignature(putativeSignature: string): asserts putativeSignature is Signature {\n if (!base58Encoder) base58Encoder = getBase58Encoder();\n // Fast-path; see if the input string is of an acceptable length.\n if (\n // Lowest value (64 bytes of zeroes)\n putativeSignature.length < 64 ||\n // Highest value (64 bytes of 255)\n putativeSignature.length > 88\n ) {\n throw new SolanaError(SOLANA_ERROR__KEYS__SIGNATURE_STRING_LENGTH_OUT_OF_RANGE, {\n actualLength: putativeSignature.length,\n });\n }\n // Slow-path; actually attempt to decode the input string.\n const bytes = base58Encoder.encode(putativeSignature);\n assertIsSignatureBytes(bytes);\n}\n\n/**\n * Asserts that an arbitrary `ReadonlyUint8Array` is an Ed25519 signature.\n *\n * Useful when you receive a `ReadonlyUint8Array` from an external interface (like the browser wallets' `signMessage` API) that you expect to\n * represent an Ed25519 signature.\n *\n * @example\n * ```ts\n * import { assertIsSignatureBytes } from '@solana/keys';\n *\n * // Imagine a function that verifies a signature.\n * function verifySignature() {\n * // We know only that the input conforms to the `ReadonlyUint8Array` type.\n * const signatureBytes: ReadonlyUint8Array = signatureBytesInput;\n * try {\n * // If this type assertion function doesn't throw, then\n * // Typescript will upcast `signatureBytes` to `SignatureBytes`.\n * assertIsSignatureBytes(signatureBytes);\n * // At this point, `signatureBytes` is a `SignatureBytes` that can be used with `verifySignature`.\n * if (!(await verifySignature(publicKey, signatureBytes, data))) {\n * throw new Error('The data were *not* signed by the private key associated with `publicKey`');\n * }\n * } catch (e) {\n * // `signatureBytes` turned out not to be a 64-byte Ed25519 signature\n * }\n * }\n * ```\n */\nexport function assertIsSignatureBytes(\n putativeSignatureBytes: ReadonlyUint8Array,\n): asserts putativeSignatureBytes is SignatureBytes {\n const numBytes = putativeSignatureBytes.byteLength;\n if (numBytes !== 64) {\n throw new SolanaError(SOLANA_ERROR__KEYS__INVALID_SIGNATURE_BYTE_LENGTH, {\n actualLength: numBytes,\n });\n }\n}\n\n/**\n * A type guard that accepts a string as input. It will both return `true` if the string conforms to\n * the {@link Signature} type and will refine the type for use in your program.\n *\n * @example\n * ```ts\n * import { isSignature } from '@solana/keys';\n *\n * if (isSignature(signature)) {\n * // At this point, `signature` has been refined to a\n * // `Signature` that can be used with the RPC.\n * const {\n * value: [status],\n * } = await rpc.getSignatureStatuses([signature]).send();\n * setSignatureStatus(status);\n * } else {\n * setError(`${signature} is not a transaction signature`);\n * }\n * ```\n */\nexport function isSignature(putativeSignature: string): putativeSignature is Signature {\n if (!base58Encoder) base58Encoder = getBase58Encoder();\n\n // Fast-path; see if the input string is of an acceptable length.\n if (\n // Lowest value (64 bytes of zeroes)\n putativeSignature.length < 64 ||\n // Highest value (64 bytes of 255)\n putativeSignature.length > 88\n ) {\n return false;\n }\n // Slow-path; actually attempt to decode the input string.\n const bytes = base58Encoder.encode(putativeSignature);\n return isSignatureBytes(bytes);\n}\n\n/**\n * A type guard that accepts a `ReadonlyUint8Array` as input. It will both return `true` if the `ReadonlyUint8Array` conforms to\n * the {@link SignatureBytes} type and will refine the type for use in your program.\n *\n * @example\n * ```ts\n * import { isSignatureBytes } from '@solana/keys';\n *\n * if (isSignatureBytes(signatureBytes)) {\n * // At this point, `signatureBytes` has been refined to a\n * // `SignatureBytes` that can be used with `verifySignature`.\n * if (!(await verifySignature(publicKey, signatureBytes, data))) {\n * throw new Error('The data were *not* signed by the private key associated with `publicKey`');\n * }\n * } else {\n * setError(`${signatureBytes} is not a 64-byte Ed25519 signature`);\n * }\n * ```\n */\nexport function isSignatureBytes(putativeSignatureBytes: ReadonlyUint8Array): putativeSignatureBytes is SignatureBytes {\n return putativeSignatureBytes.byteLength === 64;\n}\n\n/**\n * Given a private [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and a\n * `Uint8Array` of bytes, this method will return the 64-byte Ed25519 signature of that data as a\n * `Uint8Array`.\n *\n * @example\n * ```ts\n * import { signBytes } from '@solana/keys';\n *\n * const data = new Uint8Array([1, 2, 3]);\n * const signature = await signBytes(privateKey, data);\n * ```\n */\nexport async function signBytes(key: CryptoKey, data: ReadonlyUint8Array): Promise {\n assertSigningCapabilityIsAvailable();\n const signedData = await crypto.subtle.sign(ED25519_ALGORITHM_IDENTIFIER, key, toArrayBuffer(data));\n return new Uint8Array(signedData) as SignatureBytes;\n}\n\n/**\n * This helper combines _asserting_ that a string is an Ed25519 signature with _coercing_ it to the\n * {@link Signature} type. It's best used with untrusted input.\n *\n * @example\n * ```ts\n * import { signature } from '@solana/keys';\n *\n * const signature = signature(userSuppliedSignature);\n * const {\n * value: [status],\n * } = await rpc.getSignatureStatuses([signature]).send();\n * ```\n */\nexport function signature(putativeSignature: string): Signature {\n assertIsSignature(putativeSignature);\n return putativeSignature;\n}\n\n/**\n * This helper combines _asserting_ that a `ReadonlyUint8Array` is an Ed25519 signature with _coercing_ it to the\n * {@link SignatureBytes} type. It's best used with untrusted input.\n *\n * @example\n * ```ts\n * import { signatureBytes } from '@solana/keys';\n *\n * const signature = signatureBytes(userSuppliedSignatureBytes);\n * if (!(await verifySignature(publicKey, signature, data))) {\n * throw new Error('The data were *not* signed by the private key associated with `publicKey`');\n * }\n * ```\n */\nexport function signatureBytes(putativeSignatureBytes: ReadonlyUint8Array): SignatureBytes {\n assertIsSignatureBytes(putativeSignatureBytes);\n return putativeSignatureBytes;\n}\n\n/**\n * Given a public [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey), some\n * {@link SignatureBytes}, and a `Uint8Array` of data, this method will return `true` if the\n * signature was produced by signing the data using the private key associated with the public key,\n * and `false` otherwise.\n *\n * @example\n * ```ts\n * import { verifySignature } from '@solana/keys';\n *\n * const data = new Uint8Array([1, 2, 3]);\n * if (!(await verifySignature(publicKey, signature, data))) {\n * throw new Error('The data were *not* signed by the private key associated with `publicKey`');\n * }\n * ```\n */\nexport async function verifySignature(\n key: CryptoKey,\n signature: SignatureBytes,\n data: ReadonlyUint8Array,\n): Promise {\n assertVerificationCapabilityIsAvailable();\n return await crypto.subtle.verify(ED25519_ALGORITHM_IDENTIFIER, key, toArrayBuffer(signature), toArrayBuffer(data));\n}\n","import { assertKeyGenerationIsAvailable, assertPRNGIsAvailable } from '@solana/assertions';\nimport { ReadonlyUint8Array } from '@solana/codecs-core';\nimport {\n SOLANA_ERROR__KEYS__INVALID_KEY_PAIR_BYTE_LENGTH,\n SOLANA_ERROR__KEYS__PUBLIC_KEY_MUST_MATCH_PRIVATE_KEY,\n SolanaError,\n} from '@solana/errors';\n\nimport { ED25519_ALGORITHM_IDENTIFIER } from './algorithm';\nimport { createPrivateKeyFromBytes } from './private-key';\nimport { getPublicKeyFromPrivateKey } from './public-key';\nimport { signBytes, verifySignature } from './signatures';\n\n/**\n * Generates an Ed25519 public/private key pair for use with other methods in this package that\n * accept [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) objects.\n *\n * @param extractable Setting this to `true` makes it possible to extract the bytes of the private\n * key using the [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey)\n * API. Defaults to `false`, which prevents the bytes of the private key from being visible to JS.\n *\n * @example\n * ```ts\n * import { generateKeyPair } from '@solana/keys';\n *\n * const { privateKey, publicKey } = await generateKeyPair();\n * ```\n */\nexport async function generateKeyPair(extractable: boolean = false): Promise {\n await assertKeyGenerationIsAvailable();\n const keyPair = await crypto.subtle.generateKey(\n /* algorithm */ ED25519_ALGORITHM_IDENTIFIER, // Native implementation status: https://github.com/WICG/webcrypto-secure-curves/issues/20\n extractable,\n /* allowed uses */ ['sign', 'verify'],\n );\n return keyPair;\n}\n\n/**\n * Given a 64-byte `Uint8Array` secret key, creates an Ed25519 public/private key pair for use with\n * other methods in this package that accept [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey)\n * objects.\n *\n * @param bytes 64 bytes, the first 32 of which represent the private key and the last 32 of which\n * represent its associated public key\n * @param extractable Setting this to `true` makes it possible to extract the bytes of the private\n * key using the [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey)\n * API. Defaults to `false`.\n *\n * @example\n * ```ts\n * import fs from 'fs';\n * import { createKeyPairFromBytes } from '@solana/keys';\n *\n * // Get bytes from local keypair file.\n * const keypairFile = fs.readFileSync('~/.config/solana/id.json');\n * const keypairBytes = new Uint8Array(JSON.parse(keypairFile.toString()));\n *\n * // Create a CryptoKeyPair from the bytes.\n * const { privateKey, publicKey } = await createKeyPairFromBytes(keypairBytes);\n * ```\n *\n * @see {@link writeKeyPair} — the inverse helper that persists a key pair to disk in the\n * same format.\n */\nexport async function createKeyPairFromBytes(\n bytes: ReadonlyUint8Array,\n extractable: boolean = false,\n): Promise {\n assertPRNGIsAvailable();\n\n if (bytes.byteLength !== 64) {\n throw new SolanaError(SOLANA_ERROR__KEYS__INVALID_KEY_PAIR_BYTE_LENGTH, { byteLength: bytes.byteLength });\n }\n const [publicKey, privateKey] = await Promise.all([\n crypto.subtle.importKey('raw', bytes.slice(32), ED25519_ALGORITHM_IDENTIFIER, /* extractable */ true, [\n 'verify',\n ]),\n createPrivateKeyFromBytes(bytes.slice(0, 32), extractable),\n ]);\n\n // Verify the key pair\n const randomBytes = new Uint8Array(32);\n crypto.getRandomValues(randomBytes);\n const signedData = await signBytes(privateKey, randomBytes);\n const isValid = await verifySignature(publicKey, signedData, randomBytes);\n if (!isValid) {\n throw new SolanaError(SOLANA_ERROR__KEYS__PUBLIC_KEY_MUST_MATCH_PRIVATE_KEY);\n }\n\n return { privateKey, publicKey } as CryptoKeyPair;\n}\n\n/**\n * Given a private key represented as a 32-byte `Uint8Array`, creates an Ed25519 public/private key\n * pair for use with other methods in this package that accept [`CryptoKey`](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey)\n * objects.\n *\n * @param bytes 32 bytes that represent the private key\n * @param extractable Setting this to `true` makes it possible to extract the bytes of the private\n * key using the [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey)\n * API. Defaults to `false`.\n *\n * @example\n * ```ts\n * import { createKeyPairFromPrivateKeyBytes } from '@solana/keys';\n *\n * const { privateKey, publicKey } = await createKeyPairFromPrivateKeyBytes(new Uint8Array([...]));\n * ```\n *\n * This can be useful when you have a private key but not the corresponding public key or when you\n * need to derive key pairs from seeds. For instance, the following code snippet derives a key pair\n * from the hash of a message.\n *\n * ```ts\n * import { getUtf8Encoder } from '@solana/codecs-strings';\n * import { createKeyPairFromPrivateKeyBytes } from '@solana/keys';\n *\n * const message = getUtf8Encoder().encode('Hello, World!');\n * const seed = new Uint8Array(await crypto.subtle.digest('SHA-256', message));\n *\n * const derivedKeypair = await createKeyPairFromPrivateKeyBytes(seed);\n * ```\n */\nexport async function createKeyPairFromPrivateKeyBytes(\n bytes: ReadonlyUint8Array,\n extractable: boolean = false,\n): Promise {\n const privateKeyPromise = createPrivateKeyFromBytes(bytes, extractable);\n\n // Here we need the private key to be extractable in order to export\n // it as a public key. Therefore, if the `extractable` parameter\n // is `false`, we need to create two private keys such that:\n // - The extractable one is used to create the public key and\n // - The non-extractable one is the one we will return.\n const [publicKey, privateKey] = await Promise.all([\n // This nested promise makes things efficient by\n // creating the public key in parallel with the\n // second private key creation, if it is needed.\n (extractable ? privateKeyPromise : createPrivateKeyFromBytes(bytes, true /* extractable */)).then(\n async privateKey => await getPublicKeyFromPrivateKey(privateKey, true /* extractable */),\n ),\n privateKeyPromise,\n ]);\n\n return { privateKey, publicKey };\n}\n","import { getBase58Decoder } from '@solana/codecs-strings';\nimport { SOLANA_ERROR__KEYS__INVALID_BASE58_IN_GRIND_REGEX, SolanaError } from '@solana/errors';\nimport { getAbortablePromise } from '@solana/promises';\n\nimport { generateKeyPair } from './key-pair';\n\n/**\n * A function or {@link RegExp} used to test whether a candidate base58-encoded\n * address produced from a generated key pair satisfies the grind criteria.\n *\n * - When a `RegExp` is provided, its literal characters (outside of escape\n * sequences, character classes, quantifiers, and groups) are validated up\n * front to ensure they are all in the base58 alphabet. This catches common\n * typos like `/^ab0/` before any key generation takes place.\n * - When a function is provided, it is used as-is with no validation. Use this\n * form when you need arbitrary matching logic that falls outside what a\n * simple regex can express.\n *\n * @see {@link grindKeyPair}\n * @see {@link grindKeyPairs}\n */\nexport type GrindKeyPairMatches = RegExp | ((address: string) => boolean);\n\n/**\n * Configuration object accepted by {@link grindKeyPairs}.\n *\n * @see {@link grindKeyPairs}\n * @see {@link GrindKeyPairMatches}\n */\nexport type GrindKeyPairsConfig = Readonly<{\n /**\n * An optional {@link AbortSignal} used to cancel the grind loop. When the\n * signal fires, the returned promise rejects immediately with the signal's\n * reason, even if a batch of key pair generations is still in flight (the\n * in-flight generations are abandoned in the background).\n */\n abortSignal?: AbortSignal;\n /**\n * The number of matching key pairs to return. Defaults to `1`. Values less\n * than or equal to `0` cause the function to return an empty array without\n * generating any key pairs (after validating the `matches` regex, if any).\n */\n amount?: number;\n /**\n * The number of key pairs to generate in parallel per batch. Defaults to\n * `32`. Higher values increase throughput at the cost of more memory\n * pressure per batch.\n */\n concurrency?: number;\n /**\n * Setting this to `true` makes it possible to extract the bytes of the\n * generated private keys using\n * [`crypto.subtle.exportKey()`](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/exportKey).\n * This value is forwarded to the inner {@link generateKeyPair} call and\n * defaults to `false`, which prevents the bytes of the private key from\n * being visible to JS.\n */\n extractable?: boolean;\n /**\n * Either a {@link RegExp} or a predicate function that tests candidate\n * base58-encoded addresses. See {@link GrindKeyPairMatches} for details.\n */\n matches: GrindKeyPairMatches;\n}>;\n\n// Matches regex parts that should be skipped during base58 validation:\n// - `\\` escape sequences\n// - `[...]` character classes\n// - `{...}` quantifiers\n// - `(...)` groups\nconst STRIP_UNVALIDATED_REGEX_PARTS = /\\\\.|\\[[^\\]]*\\]|\\{[^}]*\\}|\\([^)]*\\)/g;\n\n// Matches regex metacharacters and stray grouping delimiters that may remain\n// after stripping the unvalidated parts above.\nconst STRIP_GRIND_METACHARACTERS = /[$()*+./?[\\]^{|}]/g;\n\n// Matches a string containing only characters from the base58 alphabet.\nconst BASE58_ALPHABET_REGEX = /^[1-9A-HJ-NP-Za-km-z]*$/;\n\n/**\n * Validates that every top-level literal character in the provided regex is\n * part of the base58 alphabet used by Solana addresses. Characters inside\n * escape sequences, character classes, quantifiers, and groups are skipped\n * because they cannot be analyzed reliably without a full regex parser.\n *\n * When the regex has the `i` flag, a literal character is considered valid if\n * either its upper-case or lower-case form is in the base58 alphabet.\n *\n * Throws {@link SOLANA_ERROR__KEYS__INVALID_BASE58_IN_GRIND_REGEX} on the first\n * invalid character encountered.\n */\nfunction assertGrindRegexIsValid(regex: RegExp): void {\n const stripped = regex.source.replace(STRIP_UNVALIDATED_REGEX_PARTS, '').replace(STRIP_GRIND_METACHARACTERS, '');\n\n const isBase58Character = (character: string): boolean => {\n if (regex.ignoreCase) {\n return (\n BASE58_ALPHABET_REGEX.test(character.toLowerCase()) ||\n BASE58_ALPHABET_REGEX.test(character.toUpperCase())\n );\n }\n return BASE58_ALPHABET_REGEX.test(character);\n };\n\n for (const character of stripped) {\n if (!isBase58Character(character)) {\n throw new SolanaError(SOLANA_ERROR__KEYS__INVALID_BASE58_IN_GRIND_REGEX, {\n character,\n source: regex.source,\n });\n }\n }\n}\n\n/**\n * Generates multiple Ed25519 key pairs whose base58-encoded public key\n * satisfies the provided `matches` criterion.\n *\n * Key pairs are generated in batches of `concurrency` in parallel and tested\n * against the matcher. The loop continues until `amount` matching key pairs\n * have been found or the provided `abortSignal` is aborted.\n *\n * When `matches` is a {@link RegExp}, its literal characters are validated\n * against the base58 alphabet up front to prevent infinite loops caused by\n * typos (e.g. `/^anza0/`). When `matches` is a function, it is used as-is\n * with no validation.\n *\n * @param config - See {@link GrindKeyPairsConfig}.\n * @returns A promise that resolves to an array of exactly `amount`\n * {@link CryptoKeyPair} instances, each of which satisfies the matcher. When\n * `amount <= 0`, the promise resolves to an empty array.\n *\n * @example\n * Find four key pairs whose address starts with `anza`:\n * ```ts\n * import { grindKeyPairs } from '@solana/keys';\n *\n * const keyPairs = await grindKeyPairs({ matches: /^anza/, amount: 4 });\n * ```\n *\n * @example\n * Use a predicate function for arbitrary matching logic:\n * ```ts\n * import { grindKeyPairs } from '@solana/keys';\n *\n * const keyPairs = await grindKeyPairs({\n * matches: address => address.startsWith('anza') && address.endsWith('end'),\n * amount: 2,\n * });\n * ```\n *\n * @example\n * Cancel a long-running grind using an {@link AbortSignal}:\n * ```ts\n * import { grindKeyPairs } from '@solana/keys';\n *\n * const keyPairs = await grindKeyPairs({\n * matches: /^anza/,\n * amount: 10,\n * abortSignal: AbortSignal.timeout(60_000),\n * });\n * ```\n *\n * @see {@link grindKeyPair}\n */\nexport async function grindKeyPairs(config: GrindKeyPairsConfig): Promise {\n const { abortSignal, amount = 1, concurrency = 32, extractable = false, matches } = config;\n\n let matcher: (address: string) => boolean;\n if (typeof matches === 'function') {\n matcher = matches;\n } else {\n assertGrindRegexIsValid(matches);\n matcher = address => matches.test(address);\n }\n\n if (amount <= 0) {\n return [];\n }\n\n const base58Decoder = getBase58Decoder();\n const found: CryptoKeyPair[] = [];\n\n while (found.length < amount) {\n abortSignal?.throwIfAborted();\n\n // Generate one batch of `concurrency` key pairs in parallel. The\n // batch is wrapped in `getAbortablePromise` so that cancellation\n // takes effect as soon as the signal fires, rather than waiting for\n // the in-flight key generations to settle.\n const batch = await getAbortablePromise(\n Promise.all(\n Array.from({ length: concurrency }, async () => {\n const keyPair = await generateKeyPair(extractable);\n const publicKeyBytes = new Uint8Array(await crypto.subtle.exportKey('raw', keyPair.publicKey));\n const address = base58Decoder.decode(publicKeyBytes);\n return { address, keyPair };\n }),\n ),\n abortSignal,\n );\n\n for (const { address, keyPair } of batch) {\n if (found.length >= amount) break;\n if (matcher(address)) {\n found.push(keyPair);\n }\n }\n }\n\n return found;\n}\n\n/**\n * Generates a single Ed25519 key pair whose base58-encoded public key\n * satisfies the provided `matches` criterion. This is the main entry point\n * for mining vanity Solana addresses: the function keeps generating fresh\n * key pairs in parallel batches until one of them matches.\n *\n * When `matches` is a {@link RegExp}, its literal characters (outside of\n * escape sequences, character classes, quantifiers, and groups) are\n * validated against the base58 alphabet up front. This catches common typos\n * such as `/^ab0/` (`0` is not in the base58 alphabet) before any key is\n * generated, preventing a guaranteed infinite loop.\n *\n * When `matches` is a function, it is used as-is with no validation — use\n * this form when you need arbitrary matching logic that cannot be expressed\n * as a regex. Be mindful that if the function can never return `true`, the\n * grind loop will never terminate unless you supply an {@link AbortSignal}.\n *\n * @param config - See {@link GrindKeyPairsConfig}. The `amount` field is\n * omitted because this function always returns a single key pair.\n *\n * @returns A promise that resolves to a {@link CryptoKeyPair} whose\n * base58-encoded public key satisfies the matcher.\n *\n * @throws {@link SOLANA_ERROR__KEYS__INVALID_BASE58_IN_GRIND_REGEX} when the\n * provided regex contains a literal character that is not in the base58\n * alphabet.\n *\n * @throws The `AbortSignal`'s reason when the supplied `abortSignal` is\n * fired (either before the function is called or during the grind loop).\n *\n * @example\n * Mine a vanity address that starts with `anza`:\n * ```ts\n * import { grindKeyPair } from '@solana/keys';\n *\n * const keyPair = await grindKeyPair({ matches: /^anza/ });\n * ```\n *\n * @example\n * Use the `i` flag for case-insensitive matching:\n * ```ts\n * import { grindKeyPair } from '@solana/keys';\n *\n * const keyPair = await grindKeyPair({ matches: /^anza/i });\n * ```\n *\n * @example\n * Use a predicate function for arbitrary matching logic:\n * ```ts\n * import { grindKeyPair } from '@solana/keys';\n *\n * const keyPair = await grindKeyPair({\n * matches: address => address.startsWith('anza') && address.length === 44,\n * });\n * ```\n *\n * @example\n * Cap the grind at 60 seconds using\n * [`AbortSignal.timeout()`](https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal/timeout_static):\n * ```ts\n * import { grindKeyPair } from '@solana/keys';\n *\n * const keyPair = await grindKeyPair({\n * matches: /^anza/,\n * abortSignal: AbortSignal.timeout(60_000),\n * });\n * ```\n *\n * @example\n * Generate an extractable key pair so you can persist its private key bytes:\n * ```ts\n * import { grindKeyPair } from '@solana/keys';\n *\n * const keyPair = await grindKeyPair({ matches: /^anza/, extractable: true });\n * const privateKeyBytes = new Uint8Array(\n * await crypto.subtle.exportKey('pkcs8', keyPair.privateKey),\n * );\n * ```\n *\n * @see {@link grindKeyPairs}\n * @see {@link GrindKeyPairsConfig}\n * @see {@link GrindKeyPairMatches}\n * @see {@link generateKeyPair}\n */\nexport async function grindKeyPair(config: Omit): Promise {\n const [keyPair] = await grindKeyPairs({ ...config, amount: 1 });\n return keyPair;\n}\n","import {\n SOLANA_ERROR__KEYS__INVALID_PRIVATE_KEY_BYTE_LENGTH,\n SOLANA_ERROR__KEYS__WRITE_KEY_PAIR_UNSUPPORTED_ENVIRONMENT,\n SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY,\n SolanaError,\n} from '@solana/errors';\nimport { dirname, mkdir, writeFile } from '@solana/fs-impl';\n\n/**\n * Configuration options for {@link writeKeyPair} and {@link writeKeyPairSigner}.\n */\nexport type WriteKeyPairConfig = Readonly<{\n /**\n * When `true`, allows the write to overwrite an existing file at the destination path.\n * Defaults to `false`, in which case attempting to write to a path that already exists\n * will throw an `EEXIST` error.\n *\n * **DANGER:** Overwriting an existing key pair file with a different key pair\n * permanently destroys the previous key and, with it, access to any funds or\n * onchain state controlled by that address. This action is irreversible.\n * Only enable this option if you are certain the existing file is disposable.\n */\n unsafelyOverwriteExistingKeyPair?: boolean;\n}>;\n\n/**\n * Writes an extractable {@link CryptoKeyPair} to disk as a JSON array of 64 bytes, matching\n * the format produced by `solana-keygen`. The first 32 bytes are the raw Ed25519 seed\n * (private key) and the last 32 bytes are the raw public key.\n *\n * Any missing parent directories are created automatically. The written file uses mode\n * `0600` (owner read/write only) to match `solana-keygen`.\n *\n * This helper requires a writable filesystem and will throw in environments that don't\n * provide one (such as browsers or React Native).\n *\n * @param keyPair - An extractable {@link CryptoKeyPair}. Both the private and public keys\n * must have been created with `extractable: true`.\n * @param path - The destination path on disk.\n * @param config - See {@link WriteKeyPairConfig}.\n *\n * @throws A {@link SolanaError} of code\n * {@link SOLANA_ERROR__KEYS__WRITE_KEY_PAIR_UNSUPPORTED_ENVIRONMENT | `SOLANA_ERROR__KEYS__WRITE_KEY_PAIR_UNSUPPORTED_ENVIRONMENT`}\n * when called in an environment without a writable filesystem.\n * @throws A {@link SolanaError} of code\n * {@link SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY | `SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY`}\n * when either the private or public key is not extractable.\n *\n * @example\n * ```ts\n * import { generateKeyPair, writeKeyPair } from '@solana/keys';\n *\n * // Generate an extractable key pair so its bytes can be persisted.\n * const keyPair = await generateKeyPair(true);\n * await writeKeyPair(keyPair, './my-keypair.json');\n * ```\n *\n * @example\n * Overwriting an existing file requires an explicit opt-in, because doing so permanently\n * destroys the previous key and any funds controlled by it:\n * ```ts\n * import { writeKeyPair } from '@solana/keys';\n *\n * await writeKeyPair(keyPair, './my-keypair.json', {\n * unsafelyOverwriteExistingKeyPair: true,\n * });\n * ```\n *\n * @see {@link createKeyPairFromBytes} — the inverse helper that loads a key pair from a\n * 64-byte buffer.\n * @see {@link writeKeyPairSigner} — the signer-flavored variant from `@solana/signers`.\n */\nexport async function writeKeyPair(\n keyPair: CryptoKeyPair,\n path: string,\n config: WriteKeyPairConfig = {},\n): Promise {\n if (!__NODEJS__) {\n throw new SolanaError(SOLANA_ERROR__KEYS__WRITE_KEY_PAIR_UNSUPPORTED_ENVIRONMENT);\n }\n\n if (!keyPair.privateKey.extractable) {\n throw new SolanaError(SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY, {\n key: keyPair.privateKey,\n });\n }\n if (!keyPair.publicKey.extractable) {\n throw new SolanaError(SOLANA_ERROR__SUBTLE_CRYPTO__CANNOT_EXPORT_NON_EXTRACTABLE_KEY, {\n key: keyPair.publicKey,\n });\n }\n\n const [privateKeyPkcs8, publicKeyRaw] = await Promise.all([\n crypto.subtle.exportKey('pkcs8', keyPair.privateKey),\n crypto.subtle.exportKey('raw', keyPair.publicKey),\n ]);\n // The PKCS#8 header added by `createPrivateKeyFromBytes` (see `./private-key.ts`) is\n // a fixed 16-byte prefix for Ed25519 keys, so slicing it off yields the raw 32-byte\n // seed that `solana-keygen` writes as the first half of its output. The length\n // check below is a forward-compatibility guard in case WebCrypto ever emits a\n // different envelope shape for this curve.\n const privateKeyBytes = new Uint8Array(privateKeyPkcs8).slice(16);\n if (privateKeyBytes.byteLength !== 32) {\n throw new SolanaError(SOLANA_ERROR__KEYS__INVALID_PRIVATE_KEY_BYTE_LENGTH, {\n actualLength: privateKeyBytes.byteLength,\n });\n }\n const publicKeyBytes = new Uint8Array(publicKeyRaw);\n\n const bytes = new Uint8Array(64);\n bytes.set(privateKeyBytes, 0);\n bytes.set(publicKeyBytes, 32);\n\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, JSON.stringify(Array.from(bytes)), {\n flag: config.unsafelyOverwriteExistingKeyPair ? 'w' : 'wx',\n mode: 0o600,\n });\n}\n"]}